In CHR yesterday, I had a person contact us because they got a merge request they did not initiate. In the email we send them, we have this snippet
>> If you didn't ask to merge these accounts, please >> either ignore this email or report it to the >> Launchpad team: feedb...@launchpad.net We invite them to contact us...but the email to feedback was not actionable, as far as I could tell. I asked Robert if he had any thoughts on it. Here's the meat of Rob's reply: > So the question is; do we expect to follow up on these and ask > jkoch-contact if they were really trying to phish the other persons > account, or if they made a typo. > > I think this is a team-wide discussion, but here is my take: > - I suspect we wouldn't generally follow up each case (manpower, > marginal utility) > - we probably could do some automated handling to look for one user > requesting multiple merges > - or users from one particular domain > - or users in one particular group > > But we can do that server side if we choose to. So > - Perhaps we should have a FAQ about how these things can go wrong, > put that in the email > - and say in the FAQ 'if you wish to discuss this erroneous merge > request - if you think it was malicious - please contact us @ > feedback.' I pretty much agree with him, but I think that we should do even less than a FAQ. I think we should change the email to say something like this: "If you didn't ask to merge these accounts, please ignore this email. If you have reason to believe that this merge request was malicious and not a mistake, please report it to the Launchpad team: feedb...@launchpad.net." I think that would be a sufficient next step. Thoughts? Thanks Gary _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : launchpad-dev@lists.launchpad.net Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
